Skip to content
Snippets Groups Projects
Commit 48ffa6fe authored by Nick Kralevich's avatar Nick Kralevich
Browse files

fix build. 

  libsepol.check_assertion_helper: neverallow on line 166 of external/sepolicy/domain.te (or line 5056 of policy.conf) violated by allow recovery unlabeled:file { create };
  Error while expanding policy
  make: *** [out/target/product/generic/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery] Error 1

(cherry picked from commit 3508d611)

Change-Id: I5efa1f2040fc40df1df44ed1b8e84b6080cb8f74
parent bb2a06a7
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
domain.te
+ 1
1
View file @ 48ffa6fe
...@@ -163,7 +163,7 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms; ...@@ -163,7 +163,7 @@ allow domain { asec_public_file asec_apk_file }:dir r_dir_perms;
### ###
# Do not allow any confined domain to create new unlabeled files. # Do not allow any confined domain to create new unlabeled files.
neverallow { domain -unconfineddomain } unlabeled:dir_file_class_set create; neverallow { domain -unconfineddomain -recovery } unlabeled:dir_file_class_set create;
# Limit ability to ptrace or read sensitive /proc/pid files of processes # Limit ability to ptrace or read sensitive /proc/pid files of processes
# with other UIDs to these whitelisted domains. # with other UIDs to these whitelisted domains.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment